Cisco Secure Firewall Management Center Software XPath Injection Vulnerability

Vulnerability

A vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, allowing authenticated, remote attackers to retrieve sensitive information from affected devices. This issue arises from inadequate input validation, enabling attackers to exploit the vulnerability by sending crafted requests to the management interface. Successful exploitation could result in the unauthorized retrieval of sensitive data from the device. The vulnerability affects Cisco Secure FMC Software when lockdown mode is enabled, which is off by default. Notably, when lockdown mode is disabled, Linux shell access, including root-level access, is available through the expert CLI command on devices running Cisco Secure FMC Software.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information on the affected device.

Remediation

Cisco has released software updates to address this vulnerability. For guidance on determining exposure to vulnerabilities in Cisco Secure Firewall products, the Cisco Software Checker tool can be used. This tool identifies relevant Cisco security advisories and the earliest software release that fixes the vulnerabilities. Instructions for using the Cisco Software Checker are available on the Cisco Security Advisories page.

Added: Aug 14, 2025, 6:27 PM
Updated: Aug 14, 2025, 6:27 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.4
remediation: 8.3
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.